|
Cad_Monkey2 posted:I'm having some problems with the mail() function. The problem is that you're concatenating really strangely, and I'm pretty sure breaking syntax rules. Try this: php:<? $headers = "To: $firstname $lastname <$email>" . "\r\n" . "From: $f_firstname $f_lastname" . "\r\n"; ?>
|
# ? Oct 28, 2009 03:31 |
|
|
# ? Jun 4, 2024 03:29 |
|
fletcher posted:After I read this post I sang "P-H-P" aloud to the tune of AC/DC's T.N.T. AWESOME! Now its stuck in my head thanks!
|
# ? Oct 28, 2009 03:39 |
|
Oh good god. I installed this wordpress plugin that has a bulk upload function, so I try to upload a zip and get an error. I ask the lad who made it what gives, he says I don't have the proper extensions enabled in php. I tried to look up how to install the zip extension, but it's a little beyond me. I'm on a dedicated server with cpanel/whm, and I have root access and all but I've rarely had to muck around in there. Can anyone tell me how to get this bloody thing installed so I can keep from manually uploading several thousand jpegs?
|
# ? Oct 28, 2009 23:18 |
|
apekillape posted:Oh good god. I honestly forget if cpanel has the capability to edit the php.ini file, but you need to find it. After you do, look for: code:
Oh, and first check to see if your server even contains php_zip.dll under the ext folder. If not, download it.
|
# ? Oct 29, 2009 00:12 |
|
Aturaten posted:I honestly forget if cpanel has the capability to edit the php.ini file, but you need to find it. After you do, look for: Don't do this!!! Instead use Easy Apache in WHM to add the Zip Extension under Exhaustive Options. If you don't use Easy Apache currently, then do whatever. If you modify things manually and then want to use Easy Apache later, things may not work as intended. I find it is best to either manually build and configure Apache and PHP or use Easy Apache, not both! http://twiki.cpanel.net/twiki/bin/view/EasyApache3/WebHome
|
# ? Oct 29, 2009 00:28 |
|
DarkLotus posted:Don't do this!!! Holy poo poo, I can't believe I missed that. I've been mucking around in Putty and google all day trying to manipulate PECL and a bunch of other nonense, when it's been right there in EasyApache all this time. Rebuilding now, thanks so much!
|
# ? Oct 29, 2009 00:40 |
|
apekillape posted:Holy poo poo, I can't believe I missed that. I've been mucking around in Putty and google all day trying to manipulate PECL and a bunch of other nonense, when it's been right there in EasyApache all this time. My pleasure. I'm not sure what you use your server for, but I have 3 cPanel / WHM servers for Lithium Hosting and I don't mind sharing my knowledge and experience!
|
# ? Oct 29, 2009 01:01 |
|
DarkLotus posted:My pleasure. I'm not sure what you use your server for, but I have 3 cPanel / WHM servers for Lithium Hosting and I don't mind sharing my knowledge and experience! Haha, good to hear. I'm sure I'll have something else come up soon enough. I mostly just have the one semi-beefy dedicated server for general web hosting and php scraping scripts. I figured I should actually try and net some revenue with it instead of letting it sit and mock me, so I'm building some wordpress sites and some other general junk just to see if I can break even at a couple bucks a day from adsense or something. It's quite maddening, I'm good enough to follow directions and all most times, but just trying to sift through and ask the right question takes a whole day sometimes. I'll definitely be back here more though, apparently goon help is the best help.
|
# ? Oct 29, 2009 01:06 |
|
DarkLotus posted:Don't do this!!! Well aren't we Mr. "I own a loving web hosting company". Kids today, and their easy techno babble. In my day, we had to write our own CGI poll scripts, and small chinese men ran our servers. As a serious side note, I did not know this, and I loving love Lithiumhosting.
|
# ? Oct 29, 2009 01:26 |
|
Crap, something else I forgot about. I was trying to remove some folders after I uninstalled another plugin, and apparently since the plugin created them and I removed it they now belong to "nobody" or "User/Group 99". I delete them in File Manager via cpanel and they just come back, and in the ftp I get a 550 Permission Denied error. Is there an easy way to re-permission or chmod them?
|
# ? Oct 29, 2009 01:39 |
|
apekillape posted:Crap, something else I forgot about. login as root and type chown user.user /home/user/public_html/folder -R
|
# ? Oct 29, 2009 02:03 |
|
Aturaten posted:Well aren't we Mr. "I own a loving web hosting company". At first I wasn't too pleased with the direction your post was going until I saw that you love Lithium Hosting. Then I smiled
|
# ? Oct 29, 2009 02:04 |
|
DarkLotus posted:login as root and type chown user.user /home/user/public_html/folder -R I got this: chown: `user.user': invalid user
|
# ? Oct 29, 2009 02:10 |
|
apekillape posted:I got this: sorry, not literally user.user, but whatever the user name is that wordpress is installed for.
|
# ? Oct 29, 2009 02:28 |
|
DarkLotus posted:sorry, not literally user.user, but whatever the user name is that wordpress is installed for. Of course it is. Totally worked, thanks again.
|
# ? Oct 29, 2009 06:15 |
|
I must be missing something really obvious, but I can't seem to find a quick dynamic way to traverse a multi-dimentional array using an array of keys, and get the result.php:<? // Keys array can be any length $keys = array("one", "apple", "blue"); // Store contains keyed values $store = array( "one"=>array( "apple"=>array( "blue"=>"hello", "pink"=>"goodbye" ) ), "two"=>"something else" ); // Static code example echo $store[$keys[0]][$keys[1]][$keys[2]]; // "hello" // Crap method $result = $store; foreach ($keys as $key) { $result = $result[$key]; } echo $result // "hello" ?>
|
# ? Oct 29, 2009 12:44 |
|
v1nce posted:The foreach method seems retarded and wastes a lot of memory if $store happens to be very large. See for yourself This article is a pretty good explanation of references in PHP.
|
# ? Oct 29, 2009 13:07 |
|
Oh hey, thanks! I know all about references but I always figured $a=$b just straight duplicated the variable in memory when it was created, I didn't realise it was a reference unless changes are made.
|
# ? Oct 29, 2009 13:20 |
|
Aturaten posted:The problem is that you're concatenating really strangely, and I'm pretty sure breaking syntax rules. I'll try this on the weekend, thanks for the suggestion.
|
# ? Oct 29, 2009 21:56 |
|
Aturaten posted:The problem is that you're concatenating really strangely, and I'm pretty sure breaking syntax rules.
|
# ? Oct 29, 2009 22:35 |
|
Jesus Christ. I've been coding in PHP/Codeigniter for a couple of months on and off now (new language/framework for me, used to Java, C#, VB.NET, and C++) and I couldn't find a decent IDE. I used Notepad++ in lieu of anything good along with MySQL Administrator tools to do Schema editing and so forth. If I ran in to bugs, I did echo debugging to find where the problem was. I repeat: Jesus. Christ. Why didn't anyone tell me to use Netbeans? I only tried it on a whim due to my last boss loving it to death (I couldn't use it because my work involved SAP/Java/Web DynPro). This thing does everything. Notepad++ was a piece of poo poo that kept crashing and brought nothing to the table. This brings everything to the table and I have yet to test stability to any extent, but it seems fine so far. There really should be a section devoted to IDE's in the OP, IMO. I asked in this thread before, I think, but I thought I'd make a post just in case someone else wants to try it out for themselves.
|
# ? Oct 30, 2009 17:38 |
|
Aturaten posted:The problem is that you're concatenating really strangely, and I'm pretty sure breaking syntax rules. Try to avoid putting " $variables in strings" it is ambiguous and a pita for anyone trying to read. Preferably you'd do... php:<? $headers = sprintf( "To: %s %s <%s>\r\nFrom: %s %s\r\n", $firstname, $lastname, $email, $f_firstname, $f_lastname );?> WHY? I mean you can still use "concatanation" . $for . " basic things", but sprintf is nice in that it separates your strings from your variables, so if you had a language file that had bunch of statements like: en_GB.php: php:<? define( "INTRO", "Hi, my name is %s.\n" );?> php:<? define( "INTRO", "Bonjour, Je suis %s.\n" ); // excuse my poor french?> php:<? sprintf( INTRO, $name );?> Other cool things: You can format numbers, add decimal points and leading zeroes with ease. http://www.w3schools.com/PHP/func_string_printf.asp You can REUSE variables. For instance. php:<? $lname = "Bond"; $fname = "James"; printf( 'The name's %1$s, %2$s %1$s.', $lname, $fname ); /* Output The name's Bond, James Bond. */ ?> Rat Supremacy fucked around with this message at 17:50 on Oct 30, 2009 |
# ? Oct 30, 2009 17:40 |
|
Aturaten posted:The problem is that you're concatenating really strangely, and I'm pretty sure breaking syntax rules. As hammerite said, I don't think he's breaking anything with his synatx. From looking at a few comments there's talk of mail falling over when using "\r\n", rather than just "\n". Try dropping the carriage return and see if it works. Good recommendation haywire, and something everyone should pay attention to. If I'm not using sprintf I tend to do the following: php:<? $headers = "To: {$firstname} {$lastname} <{$email}>\r\n"; $headers.= "From: {$f_firstname} {$f_lastname"}\r\n"; ?>
|
# ? Oct 30, 2009 17:58 |
|
When I have to build something using long blocks of text I like to use heredocsphp:<? $headers = <<<EOT To: {$firstname} {$lastname} <{$email}>\r\n From: {$f_firstname} {$f_lastname}\r\n EOT; ?>
|
# ? Oct 30, 2009 18:03 |
|
TreFitty posted:I repeat: Jesus. Christ. I think NetBeans' PHP support is fairly new isn't it? I was messing with it in the spring and the highlighting parser was a little hosed so I couldn't get it looking right or working consistently. The code completion was also buggy. Notepad++ should be pretty stable if you disable the line change highlighting plugin. Not that it's a real IDE or anything, but it crashes about once every six months for me and I use it every day. Edit: this is not to say that NP++ is the end-all-be-all of editors. The guy who develops it has made some really terrible UI decisions and he seems to derive sexual pleasure from breaking plugin compatibility, but it works pretty darn well for being free. haywire posted:sprintf I find sprintf strings less readable than the variable expansion strings because my editor highlights the variables inside the strings. Munkeymon fucked around with this message at 20:02 on Oct 30, 2009 |
# ? Oct 30, 2009 18:12 |
TreFitty posted:Why didn't anyone tell me to use Netbeans? I only tried it on a whim due to my last boss loving it to death (I couldn't use it because my work involved SAP/Java/Web DynPro). Never even heard of this. I currently use Notepad++ as well (and sftp-drive) to write all my code. All I want is an editor that can do key based authentication to edit remotely hosted code, sftp-drive is the biggest piece of poo poo.
|
|
# ? Oct 30, 2009 18:29 |
|
fletcher posted:Never even heard of this. I currently use Notepad++ as well (and sftp-drive) to write all my code. All I want is an editor that can do key based authentication to edit remotely hosted code, sftp-drive is the biggest piece of poo poo. 90% of the time I use SSH and nano, but occasionally if I can be bothered to set up a share drive I'll use Notepad++. Just recently I finally got around to writing a half-decent PHP syntax highlighter for nano, up until then I was doing everything in glorious monochrome. Some day I'll learn something proper like vi or emacs.
|
# ? Oct 30, 2009 18:35 |
|
Munkeymon posted:I think NetBeans' PHP support is fairly new isn't it? I was messing with it in the spring and the highlighting parser was a little hosed so I couldn't get it looking right or working consistently. The code completion was also buggy. Agreed. It's one of those functions with limited uses that some try to use for everything. If you're not coding in an editor with syntax highlighting, you shouldn't be coding, because you'll be blind in three years. He's contacentating strangely because he's using double quotes, but not containing the variables within. As for "breaking syntax rules", I said "pretty sure", and I still think he is, but I am not sure WHY.
|
# ? Oct 30, 2009 18:53 |
|
fletcher posted:Never even heard of this. I currently use Notepad++ as well (and sftp-drive) to write all my code. All I want is an editor that can do key based authentication to edit remotely hosted code, sftp-drive is the biggest piece of poo poo. I personally use UltraEdit. It allows me to remotely edit code using SFTP and the syntax highlighting works well for my needs. I've never used Notepad++, NetBeans, or any Framework or IDE though.
|
# ? Oct 30, 2009 19:30 |
|
fletcher posted:Never even heard of this. I currently use Notepad++ as well (and sftp-drive) to write all my code. All I want is an editor that can do key based authentication to edit remotely hosted code, sftp-drive is the biggest piece of poo poo. You want http://winscp.net/eng/index.php Configure it to open everything in Notepad++ and go (Options - Prefrences - Editors). You just double-click to download and open things on the remote host and it will automagically upload on save. It will also open PuTTY for you when you're on a secure connection. Regular, non-secure FTP is a little flaky, but I'm going to go ahead and blame that on the FileZilla library he uses because SFTP is pretty solid.
|
# ? Oct 30, 2009 19:56 |
|
Aturaten posted:He's contacentating strangely because he's using double quotes, but not containing the variables within. As for "breaking syntax rules", I said "pretty sure", and I still think he is, but I am not sure WHY. I agree that if you're not going to make use of the parsing of double-quoted strings for variables, then it is in principle more sensible to use single-quoted strings. However, I think you're wrong about him breaking syntax rules; I don't believe he is and I'm curious as to what about his syntax you could suspect of being illegal.
|
# ? Oct 30, 2009 20:55 |
Munkeymon posted:You want http://winscp.net/eng/index.php I've tried that in the past but I don't like having to switch between two programs. Integrated folder explorer is a must for me. sftp-drive works fine it's just slow as all hell.
|
|
# ? Oct 30, 2009 22:28 |
|
fletcher posted:I've tried that in the past but I don't like having to switch between two programs. Integrated folder explorer is a must for me. sftp-drive works fine it's just slow as all hell. It's not free and is windows only (currently) but has pretty good explorer integration, and you can create virtual folders for a project and plop in remote files from there. It can do key based auth as well. I personally found the editor to be a little aggressive in the ways it would auto-format stuff as I typed*. That can all be turned off or modified, but I didn't want to hassle myself customizing the gently caress out of it just to get it to behave like a moderate code-formatting IDE (lining up brackets, tabs, etc), plus I didn't have a huge need to edit remotely so I moved on once the trial expired. But YMMV. * For instance if you typed: > function<space> at the start of a new line, it converts it to: > function _() > { > } with '_' being the cursor.
|
# ? Oct 30, 2009 23:34 |
|
Code editors? If I *need* an IDE, zend is the way to go. However, I don't for PHP as it is mostly trivial, so I present thee... http://www.sublimetext.com Can't find anything like it. It has textmate theme support (yay), is extensible, has "snippets", supports lots and lots of languages, has minimap, and is loving fast. I found with e text editor, it would slow up if you highlighted a big block of text. Not with Sublime. It is like the guy has taken all the things he finds piss annoying about other editors and got rid of them. It also has a simplistic project interface (keyboard driven) and various other crap. It is $60 but I emailed the guy and he says it is fine to use it after the trial period, just ignore the odd nag dialog (which is, IMHO, a lot less annoying than all the things that piss me off about other editors). It also has the added benefit of people asking what sort of crazy cool editor you're using in lectures. Personally I try to avoid writing directly to remote servers with my workflow, but for the times that I need to, alt-tabbing to WinSCP never did anyone harm. v1nce posted:As hammerite said, I don't think he's breaking anything with his synatx. Also consider: php:<? $headers = "To: {$firstname} {$lastname} <{$email}>\r\n" . "From: {$f_firstname} {$f_lastname"}\r\n"; ?> I try to avoid Heredocs as they don't really solve anything and IIRC are the slowest of the methods. You should also be trying to avoid mixing languages - it makes no sense to have a bunch of English text in a source code file. English text should be defined in a separate file for maintainability. Next you'll be talking about putting HTML in application code! Crikey! For things like form generation, use the definitions-in-another-file and have it under a folder like ./resource or something. Munkeymon posted:
Suit yourself, but sprintf is useful for a bunch of other reasons, too. Separation of static and dynamic data, for instance. Rat Supremacy fucked around with this message at 14:06 on Oct 31, 2009 |
# ? Oct 31, 2009 13:46 |
|
With regards to my mail() function not handling the extra headers, it's been solved in a manner of speaking. A quote from my hosting company.. "CC and BCC headers when using php's mail() function are blocked by the suhosin security module. This is intentional. If you need a script that sends such headers please use SMTP to send the mail as this allows us to keep better track of outgoing mail for the purpose of identifying and stopping spam. There are many methods for sending SMTP mail including the PEAR Mail package." So that's another little challenge to get my teeth into. Thanks to all who chipped in with an attempted solution, I leant a fair amount of things whilst running through all your replies.
|
# ? Nov 2, 2009 00:00 |
|
You might want to look at Swift Mailer.
|
# ? Nov 2, 2009 00:07 |
|
I looked back a few pages and couldn't see this asked, sorry if it's one of those questions.. Is there a good tutorial covering what issues need to be protected against when making a cookied login system? I've tried looking on Google but can only find tutorials from years ago - I'm sure there's new vulnerabilities since then that need to be accounted for. Basically I'm working on an ajax-y side project and want it to work like GMail (login wise) - having ticked the 'remember me' box and stored a cookie, you can then close the browser (killing the session), reopen and go back to the site without logging in again. I don't have SSL on my server (shared hosting), but I just want to make it as secure as I can reasonably. For the AJAX I was going to just calling the server each time an operation takes place, but I quickly realised this would be firing off far too many requests given the application, so I'm now thinking of storing the operations in a buffer and sending this every 10 seconds or so. To make this secure I was going to include a random seed in the response from the server, which needs to be included in the next request. Does this seem reasonable, or is there a better pattern to use? Sorry for the naive questions, as I say I'm a bit out of touch with PHP/web security as it's been a few years and things have progressed massively.
|
# ? Nov 4, 2009 19:01 |
|
Hrmmm.... I am curious to answers to a lot of your questions too as I know for a fact that a lot of the poo poo I am working on right now is riddled with security holes. Right now we use a cookie that stores a hash of the IP combined with a unique token that is stored in a db. When the site loads it looks for that cookie and checks the ip and the token against the db and automatically marks them as logged in if its ok. I am sure its poo poo. Some of the web APIs I work with do have a unique tranaction key that is passed on a response and needs to be passed on the next transaction. However that is not for security, instead that is used to make sure the conversation doesn't go out of sync and with the added "convenience" of not having to pass the login info on each request. Its actually a pain in the rear end. I think its pretty standard though to have a header on each XML request with either authentication info, or a session token that expires server side. I don't think there is any need to poll the server every so many seconds or what not to authenticate. I think you just need to authenticate each request through ajax. I am pretty sure thats what Gmail does, I don't see why you would want to keep checking the server to make sure your login is valid. Everything on the client side is exposed anyways. So IMO you should authenticate with some sort of session token on every ajax request.
|
# ? Nov 4, 2009 20:28 |
|
Begby posted:I don't think there is any need to poll the server every so many seconds or what not to authenticate. I think you just need to authenticate each request through ajax. I am pretty sure thats what Gmail does, I don't see why you would want to keep checking the server to make sure your login is valid. Everything on the client side is exposed anyways. I didn't actually mean pinging the server every 10 seconds to see whether it's still authenticated, more that there's lots of data that could change client side and 10 sending a bunch of this info every 10 seconds would be less stress on the server than sending every operation individually. Obviously if the user's not done anything in that 10 seconds, the query could be skipped. The app's a post-it note type thing, so operations would be adding/deleting/moving/editing text/resizing/changing z-order.. potentially a lot of requests if I send them all individually. Thanks for the reply though - it would be good to get some more input/ideas
|
# ? Nov 4, 2009 20:53 |
|
|
# ? Jun 4, 2024 03:29 |
|
SFrost007 posted:I looked back a few pages and couldn't see this asked, sorry if it's one of those questions.. Is there a good tutorial covering what issues need to be protected against when making a cookied login system? I've tried looking on Google but can only find tutorials from years ago - I'm sure there's new vulnerabilities since then that need to be accounted for. Client side anything is not secure. Are you saying the authentication status is stored in the client's memory? Baad. On an operation by operation basis is all you can do. Just have the user ID in a session or something and then just have the app check if the signed in ID can do what it's asking on a per request basis. The way you're doing it seems kind of long winded. I suppose you COULD buffer all done operations, and then when they're sent every 10 seconds or so, check that all of the operations done are legit, but it seems kind of pointless. What if someone saves something then quits, the operation would not be sent!
|
# ? Nov 5, 2009 19:33 |